Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-34892 Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.
Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.
CVE-2025-68049 Subscriber Broken Access Control in bunny.net <= 2.3.6 versions.
Subscriber Broken Access Control in bunny.net <= 2.3.6 versions.
CVE-2026-39441 Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions.
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions.
CVE-2026-24637 Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions.
Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions.
CVE-2026-34900 Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
CVE-2025-68851 Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
CVE-2026-34902 Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
CVE-2026-23970 Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
CVE-2025-68872 Cross-Site Scripting (XSS) in CVE-2025-68872 (CVE-2025-68872)
cross-site scripting in CVE-2025-68872 (CVE-2025-68872). Risk of unauthorized operations or information disclosure.
CVE-2026-39435 Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
CVE-2025-68840 Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.
CVE-2026-34891 Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions.
Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions.
CVE-2026-27089 Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.
Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.
CVE-2025-60175 Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.
Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.
CVE-2026-48708 Vulnerability in github.com/OliveTin/OliveTin (CVE-2026-48708)
vulnerability in github.com/OliveTin/OliveTin (CVE-2026-48708). Successful exploitation can lead to full system takeover. Exploitable via ``tpl``. Mitigation: upgrade to `0.0.0-20260521225117-d74da9314005` or later.
CVE-2026-48709 Vulnerability in github.com/OliveTin/OliveTin (CVE-2026-48709)
vulnerability in github.com/OliveTin/OliveTin (CVE-2026-48709). Risk of unauthorized operations or information disclosure. Exploitable via ``ValidateArgumentType``. Mitigation: upgrade to `0.0.0-20260521230847-a3865704c854` or later.
CVE-2026-48518 Cross-Site Request Forgery (CSRF) in CVE-2026-48518 (CVE-2026-48518)
vulnerability in CVE-2026-48518 (CVE-2026-48518). Risk of unauthorized operations or information disclosure. Exploitable via `POST /multi-juicer/api/teams/{team}/join`.
CVE-2026-48124 Code Injection in CVE-2026-48124 (CVE-2026-48124)
code injection in CVE-2026-48124 (CVE-2026-48124). Risk of unauthorized operations or information disclosure.
CVE-2026-48988 Vulnerability in markdown-it (CVE-2026-48988)
vulnerability in markdown-it (CVE-2026-48988). Risk of unauthorized operations or information disclosure. Exploitable via ``token.content``. Mitigation: upgrade to `14.2.0` or later.
CVE-2026-54283 Vulnerability in starlette (CVE-2026-54283)
vulnerability in starlette (CVE-2026-54283). Risk of unauthorized operations or information disclosure. Exploitable via ``max_fields``. Mitigation: upgrade to `1.3.1` or later.
CVE-2026-54285 Vulnerability in @opentelemetry/core (CVE-2026-54285)
vulnerability in @opentelemetry/core (CVE-2026-54285). Risk of unauthorized operations or information disclosure. Exploitable via ``baggage``. Mitigation: upgrade to `2.8.0` or later.
CVE-2026-54282 Vulnerability in Starlette (CVE-2026-54282)
vulnerability in Starlette (CVE-2026-54282). Risk of unauthorized operations or information disclosure. Exploitable via ``request.url``. Mitigation: upgrade to `1.3.0` or later.
CVE-2026-54281 Authorization Flaw in @nestjs/platform-fastify (CVE-2026-54281)
vulnerability in @nestjs/platform-fastify (CVE-2026-54281). Risk of unauthorized operations or information disclosure. Exploitable via `GET /resource`. Mitigation: upgrade to `11.1.24` or later.
CVE-2026-53539 Vulnerability in python-multipart (CVE-2026-53539)
vulnerability in python-multipart (CVE-2026-53539). Risk of unauthorized operations or information disclosure. Exploitable via ``QuerystringParser``. Mitigation: upgrade to `0.0.30` or later.
CVE-2026-53538 Vulnerability in python-multipart (CVE-2026-53538)
vulnerability in python-multipart (CVE-2026-53538). Risk of unauthorized operations or information disclosure. Exploitable via ``QuerystringParser``. Mitigation: upgrade to `0.0.30` or later.
CVE-2026-53537 Vulnerability in python-multipart (CVE-2026-53537)
vulnerability in python-multipart (CVE-2026-53537). Risk of unauthorized operations or information disclosure. Exploitable via ``parse_options_header``. Mitigation: upgrade to `0.0.30` or later.
CVE-2026-54257 Vulnerability in electron (CVE-2026-54257)
vulnerability in electron (CVE-2026-54257). Risk of unauthorized operations or information disclosure. Exploitable via ``Buffer``. Mitigation: upgrade to `42.3.3` or later.
CVE-2026-53705 Vulnerability in CVE-2026-53705 (CVE-2026-53705)
vulnerability in CVE-2026-53705 (CVE-2026-53705). Risk of unauthorized operations or information disclosure.
CVE-2026-53704 Out-of-Bounds Read in CVE-2026-53704 (CVE-2026-53704)
vulnerability in CVE-2026-53704 (CVE-2026-53704). Risk of unauthorized operations or information disclosure.
CVE-2026-53703 Out-of-Bounds Read in CVE-2026-53703 (CVE-2026-53703)
vulnerability in CVE-2026-53703 (CVE-2026-53703). Risk of unauthorized operations or information disclosure.
CVE-2026-50890 SQL Injection in sqli (CVE-2026-50890)
SQL injection in sqli (CVE-2026-50890). Successful exploitation can lead to full system takeover.
CVE-2026-52722 Vulnerability in CVE-2026-52722 (CVE-2026-52722)
vulnerability in CVE-2026-52722 (CVE-2026-52722). Risk of unauthorized operations or information disclosure.
CVE-2026-52721 Out-of-Bounds Read in CVE-2026-52721 (CVE-2026-52721)
vulnerability in CVE-2026-52721 (CVE-2026-52721). Risk of unauthorized operations or information disclosure.
CVE-2026-52719 Out-of-Bounds Read in CVE-2026-52719 (CVE-2026-52719)
vulnerability in CVE-2026-52719 (CVE-2026-52719). Risk of unauthorized operations or information disclosure.
CVE-2026-52720 Vulnerability in CVE-2026-52720 (CVE-2026-52720)
vulnerability in CVE-2026-52720 (CVE-2026-52720). Successful exploitation can lead to full system takeover.
CVE-2026-50892 Vulnerability in nginx (CVE-2026-50892)
vulnerability in nginx (CVE-2026-50892). Confidential information can be exposed externally.
CVE-2026-50891 Vulnerability in CVE-2026-50891 (CVE-2026-50891)
vulnerability in CVE-2026-50891 (CVE-2026-50891). Confidential information can be exposed externally.
CVE-2026-50886 Vulnerability in CVE-2026-50886 (CVE-2026-50886)
vulnerability in CVE-2026-50886 (CVE-2026-50886). Confidential information can be exposed externally.
CVE-2026-50885 Vulnerability in CVE-2026-50885 (CVE-2026-50885)
vulnerability in CVE-2026-50885 (CVE-2026-50885). Confidential information can be exposed externally.
CVE-2026-50884 Vulnerability in CVE-2026-50884 (CVE-2026-50884)
vulnerability in CVE-2026-50884 (CVE-2026-50884). Successful exploitation can lead to full system takeover.
CVE-2026-50881 Vulnerability in CVE-2026-50881 (CVE-2026-50881)
vulnerability in CVE-2026-50881 (CVE-2026-50881). Confidential information can be exposed externally.
CVE-2026-50888 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50888)
SSRF in ssrf (CVE-2026-50888). Confidential information can be exposed externally.
CVE-2026-50887 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50887)
SSRF in ssrf (CVE-2026-50887). Confidential information can be exposed externally.
CVE-2026-50882 Vulnerability in dos (CVE-2026-50882)
vulnerability in dos (CVE-2026-50882). Risk of unauthorized operations or information disclosure.
CVE-2026-50889 Vulnerability in dos (CVE-2026-50889)
vulnerability in dos (CVE-2026-50889). Risk of unauthorized operations or information disclosure.
CVE-2026-50883 Cross-Site Scripting (XSS) in CVE-2026-50883 (CVE-2026-50883)
cross-site scripting in CVE-2026-50883 (CVE-2026-50883). Successful exploitation can lead to full system takeover.
CVE-2026-50874 OS Command Injection in CVE-2026-50874 (CVE-2026-50874)
OS command injection in CVE-2026-50874 (CVE-2026-50874). Confidential information can be exposed externally.
CVE-2026-50876 Cross-Site Scripting (XSS) in CVE-2026-50876 (CVE-2026-50876)
cross-site scripting in CVE-2026-50876 (CVE-2026-50876). Risk of unauthorized operations or information disclosure.
CVE-2026-50875 Vulnerability in CVE-2026-50875 (CVE-2026-50875)
vulnerability in CVE-2026-50875 (CVE-2026-50875). Data can be tampered with by attackers.
CVE-2026-50877 Path Traversal in path-traversal (CVE-2026-50877)
path traversal in path-traversal (CVE-2026-50877). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →